Re: privacy/openness

From: Mike Lorrey (mlorrey@datamann.com)
Date: Fri Jul 20 2001 - 19:01:55 MDT


Lee Corbin wrote:
>
> Mike Lorrey writes
>
> > If we are going to be so discriminating, we need to discriminate by the
> > circumstances underwhich you came to know information about me, by what
> > relationship of confidence and trust was involved, and individuals must
> > consistently behave in a manner consistent with that trust.
> >
> > For example, selling web server information about me to anybody while at
> > the same time resisting on 'confidential relationship' grounds against
> > law enforcement obtaining the same information is logically
> > inconsistent.
>
> I'm not sure what "resisting" you are talking about. Many will
> perceive a difference between government doing the snooping, at
> public expense, and private parties doing the snooping. Agreed,
> someone here might be "logically inconsistent", but I have less
> of a problem with that than the use of force or enactment of
> unnecessary laws (of course).

Well, for example, a porn site says that it won't release your identity
to law enforcement when you register as a member, but sells your id and
all your browsing activity to ad and porn marketing companies. This is
inconsistent. A consistent application would be that either they provide
date to law enforcement under warrant but do not sell to just anybody,
or they sell to anybody and wilfully give to law enforcement, or they
don't give any information to anybody.

>
> > Similarly, a doctor refusing to provide health care information to, say,
> > a minor patient's parents, while at the same time providing that
> > information to sundry government agencies and insurance and drug
> > companies is similarly inconsistent.
>
> Maybe so, but the doctor is within his legal rights to do so,
> and should remain free to do so.

Uh, no. Since a minor child is the ward of their parents or other legal
guardians, performing medical procedures without their authorization on
their child is highly unethical. I don't care what your personal stance
is on certain medical procedures like, say, abortion. Ethics and morals
are meaningless if they are not consistently applied, and children,
especially, require that we apply morals and ethics consistently if they
are to become citizens with integrity.

>
> > If you advertise a privacy policy, there should be legal remedies to its
> > inconsistent application, arbitrary adjustment, or outright abrogation,
> > that those who the information is about have a right to pursue with
> > meaningful consequences if the violator is found guilty.
>
> This sounds to me as if you are arguing for "truth in advertizing".
> Failure to conform with one's publicly made promises is fraud, I
> suppose. No argument here, if I'm rightly understanding you.

Yes, but this is not being enforced, as Harvey illustrated so
effectively at Extro5.

>
> > One method of dealing with this is to implement actual trust/reputation
> > brokers that are functional and deal with privacy much as credit
> > agencies deal with financial responsibility, and lobby the DMA to
> > require that its members post up-to-the-minute trust ratings on their
> > privacy policy page.
>
> This is entirely different from what you were talking about
> before. This has little to do with fraud or violation of
> laws, and is a commendable free-market solution that doesn't
> impose on anyone's liberties.

The problem is with cross jurisdictional communications like the
internet. The DMA has little or no membership outside the US, and almost
none outside North America. Another problem is the implementation. This
would require that every individual posess an encrypted serialized
certificate with which they can authorize every instance of their
private information, and that individuals have an application that
allows them to query the internet for all instances of their personal
cookies on instances of their private data on servers around the world.
This also would require that the application conciously scan for
instances of the individuals private data and report to a trust bureau
the server and its owning corporations on which such data is present, or
from which spam using private data originates.

Browser applications need to become sophisticated enough that when a
person selects 'ok' when the form submission dialog pops up that it
engages these certifying processes. It should also provide data to the
person browsing of the trust rating of the entity to which the data is
being submitted.



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:08:56 MST